Merge pull request #975 from randytarampi/fix/support-disabling-cooki…

…e-validation-on-resource-routes Also support `--disableCookieValidation` when we `createResourceRoutes`.
dherault · May 5, 2020 · 7d40506 · 7d40506
2 parents aefcb0e + cba41e2
commit 7d40506
Show file tree

Hide file tree

Showing 2 changed files with 73 additions and 0 deletions.
diff --git a/src/events/http/HttpServer.js b/src/events/http/HttpServer.js
@@ -901,8 +901,20 @@ export default class HttpServer {
       }
 
       const hapiMethod = method === 'ANY' ? '*' : method
+
+      const state = this.#options.disableCookieValidation
+        ? {
+            failAction: 'ignore',
+            parse: false,
+          }
+        : {
+            failAction: 'error',
+            parse: true,
+          }
+
       const hapiOptions = {
         cors: this.#options.corsConfig,
+        state,
       }
 
       // skip HEAD routes as hapi will fail with 'Method name not allowed: HEAD ...'

diff --git a/tests/old-unit/offline.test.js b/tests/old-unit/offline.test.js
@@ -1012,5 +1012,66 @@ describe('Offline', () => {
 
       expect(result.queryString).toHaveProperty('bar', 'baz')
     })
+
+    describe('disable cookie validation', () => {
+      test('should return bad request by default if invalid cookies are passed by the request', async () => {
+        const offline = await new OfflineBuilder(serviceBuilder, {
+          resourceRoutes: true,
+        })
+          .addFunctionConfig('cookie', {
+            events: [
+              {
+                http: {
+                  method: 'GET',
+                  path: 'cookie',
+                },
+              },
+            ],
+            handler: 'tests/old-unit/fixtures/handler.cookie',
+          })
+          .toObject()
+
+        const res = await offline.inject({
+          headers: {
+            Cookie:
+              'a.strange.cookie.with.newline.at.the.end=yummie123utuiwi-32432fe3-f3e2e32\n',
+          },
+          method: 'GET',
+          url: '/dev/cookie',
+        })
+
+        expect(res.statusCode).toEqual(400)
+      })
+
+      test('should return 200 if the "disableCookieValidation"-flag is set', async () => {
+        const offline = await new OfflineBuilder(serviceBuilder, {
+          resourceRoutes: true,
+          disableCookieValidation: true,
+        })
+          .addFunctionConfig('cookie', {
+            events: [
+              {
+                http: {
+                  method: 'GET',
+                  path: 'cookie',
+                },
+              },
+            ],
+            handler: 'tests/old-unit/fixtures/handler.cookie',
+          })
+          .toObject()
+
+        const res = await offline.inject({
+          headers: {
+            Cookie:
+              'a.strange.cookie.with.newline.at.the.end=yummie123utuiwi-32432fe3-f3e2e32\n',
+          },
+          method: 'GET',
+          url: '/dev/cookie',
+        })
+
+        expect(res.statusCode).toEqual(200)
+      })
+    })
   })
 })